What is used to enter an electronic signature? Introduction to public key cryptography. Types of digital signatures and their differences


The private key is the most vulnerable component of the entire digital signature cryptosystem. An attacker who steals a user's private key can create a valid digital signature for any electronic document on behalf of that user. Therefore, special attention must be paid to the way the private key is stored. The user can store the private key on his personal computer, protecting it with a password. However, this storage method has a number of disadvantages, in particular, the security of the key depends entirely on the security of the computer, and the user can sign documents only on this computer.

Currently, the following private key storage devices exist:

· Floppy disks.

· Smart cards.

· USB keychains.

· Touch-Memory tablets.

Theft or loss of one of these storage devices can be easily noticed by the user, after which the corresponding certificate can be immediately revoked.

The most secure way to store a private key is on a smart card. In order to use a smart card, the user must not only have it, but also enter a PIN code, that is, two-factor authentication is obtained. After this, the document to be signed or its hash is transferred to the card, its processor signs the hash and transmits the signature back. During the process of generating a signature in this way, the private key is not copied, so only a single copy of the key exists at all times. In addition, copying information from a smart card is more difficult than from other storage devices.

In accordance with the Law “On Electronic Signatures”, the owner is responsible for storing the private key.

Electronic signature (EP) formation technology

The cryptographic method known since ancient times, later called symmetric-key encryption, uses one and the same key (cipher, method) for both encryption and decryption.

The main problem with symmetric encryption is the confidentiality of the transfer of the key from the sender to the recipient.

Revealing the key during transmission is tantamount to revealing the document and allowing an attacker to forge it.

In the 1970s an asymmetric encryption algorithm was invented.

A document is encrypted with one key and decrypted with another, and it is practically impossible to compute the second key from the first, and vice versa.

Therefore, if the sender encrypts the document with the secret key and gives the public (open) key to the recipients, they will be able to decrypt the document, which could have been encrypted only by the sender.

If the recipient was able to decrypt the hash value using the sender's public key, then it was the sender who encrypted the hash value (authentication).

If the calculated and decrypted hash values ​​are the same, then the document has not been modified (identification).

Any corruption (intentional or unintentional) of the document during transmission will give a new value to the hash function calculated by the recipient, and the signature verification program will report that the signature on the document is incorrect.

Digital signature represents a relatively small amount of additional digital information transmitted along with the signed text.

The electronic signature system includes two procedures: 1) the signing procedure; 2) the signature verification procedure. The signing procedure uses the secret key of the message sender; the verification procedure uses the sender's public key.

When generating an electronic signature, the sender first calculates the hash function h(M) of the text M to be signed. The calculated value h(M) is one short block of information m that characterizes the entire text M as a whole. The number m is then encrypted with the sender's secret key. The resulting pair of numbers represents the EP for the given text M.

When checking the electronic signature, the message recipient again calculates the hash function m = h(M) of the text M received over the channel, and then, using the sender’s public key, checks whether the received signature corresponds to the calculated hash function value m.

The fundamental point in the electronic signature system is the impossibility of falsifying the user’s electronic signature without knowing his secret signing key.

The procedures for signing and verifying them can be schematically presented as follows:



Any file can be used as a signed document. A signed file is created from an unsigned file by adding one or more electronic signatures to it.

Each signature contains the following information:

· date of signature;

· expiration date of the key for this signature;

· information about the person who signed the file (full name, position, short name of the company);

· signer ID (public key name);

· the actual digital signature.
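As an added worked example (not part of the lecture), the signing and verification procedures described above, together with the fields listed for each signature, in Go using RSA and SHA-256 from the standard library. The struct, function and field names, the choice of SHA-256 and the sample document are my own assumptions; the lecture fixes neither a hash function nor a signature algorithm.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Signature holds the information the lecture lists for each signature
// attached to a file, plus the signature value itself. Field names are
// assumptions made for this example.
type Signature struct {
	SignedAt  time.Time // date of signature
	KeyExpiry time.Time // expiration date of the key for this signature
	Signer    string    // full name, position, short name of the company
	KeyID     string    // signer ID (public key name)
	Value     []byte    // the actual digital signature over h(M)
}

// hashDocument computes m = h(M): one short block characterizing the whole
// text M. SHA-256 is an assumed choice; the lecture names no hash function.
func hashDocument(doc []byte) []byte {
	m := sha256.Sum256(doc)
	return m[:]
}

// keyID derives a short "public key name" from the key material, so the
// verifier can tell which key a signature claims to have been made with.
func keyID(pub *rsa.PublicKey) string {
	sum := sha256.Sum256(pub.N.Bytes())
	return hex.EncodeToString(sum[:8])
}

// Sign is the signing procedure: the sender hashes M and transforms the
// hash with the secret key (the lecture's "encrypts m with the secret key").
func Sign(priv *rsa.PrivateKey, doc []byte, signer string, signedAt, keyExpiry time.Time) (*Signature, error) {
	if signedAt.After(keyExpiry) {
		return nil, errors.New("refusing to sign: key has already expired on the signing date")
	}
	m := hashDocument(doc)
	value, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, m)
	if err != nil {
		return nil, err
	}
	return &Signature{
		SignedAt:  signedAt,
		KeyExpiry: keyExpiry,
		Signer:    signer,
		KeyID:     keyID(&priv.PublicKey),
		Value:     value,
	}, nil
}

// Verify is the verification procedure: the recipient recomputes m = h(M)
// over the text actually received and checks the signature with the
// sender's public key. Any change to M gives a different m and the check fails.
func Verify(pub *rsa.PublicKey, doc []byte, s *Signature) error {
	if s.KeyID != keyID(pub) {
		return fmt.Errorf("signature names key %s, but the verification key is %s", s.KeyID, keyID(pub))
	}
	if s.SignedAt.After(s.KeyExpiry) {
		return errors.New("signing key had expired on the date of signature")
	}
	m := hashDocument(doc)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, m, s.Value); err != nil {
		return errors.New("signature is incorrect: document modified or signed with a different key")
	}
	return nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	signedAt := time.Date(2024, 3, 1, 10, 0, 0, 0, time.UTC)
	// Constructed sample document and signer details.
	doc := []byte("Constructed sample document: invoice No. 17, amount 1000.00")
	sig, err := Sign(priv, doc, "Ivanov I. I., accountant, Example LLC", signedAt, signedAt.AddDate(1, 0, 0))
	if err != nil {
		panic(err)
	}
	fmt.Println("original document:", Verify(&priv.PublicKey, doc, sig)) // <nil>: signature valid
	tampered := []byte("Constructed sample document: invoice No. 17, amount 9000.00")
	fmt.Println("tampered document:", Verify(&priv.PublicKey, tampered, sig)) // error: incorrect
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	fmt.Println("wrong public key:", Verify(&other.PublicKey, doc, sig)) // error: key mismatch
}
```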

Electronic Data Interchange

EDI (Electronic Data Interchange) is a technology for automated exchange of electronic messages in standardized formats between business partners.

At the same time, documents that have a convenient and specific form for each company in their original (“human”) form are transparently transferred between various partners in a standard “electronic” format (using a converter (at the input) and a deconverter (at the output, respectively)). The technology guarantees both the correctness of data conversion and the delivery of messages to recipients and the sequence of message delivery. At the same time, the reliability and confidentiality of the transmitted information is ensured.

In its classic form, EDI involves fully automated interaction between partner information systems, excluding human participation. Each party can act as both a sender and a recipient of messages. This integration option gives the maximum effect when implementing this technology.

At the present stage of development, EDI technology allows not only saving money, but also simplifying and optimizing management and decision-making processes, and generally optimizing and increasing business efficiency.

The practice of electronic commerce based on EDI systems dates back more than 30 years and is summarized in standards for the execution of trade transactions and the presentation of structured business documents.

When developing standards for electronic document management, the use of the existing "paper" documents in economic activity was analyzed.

It was proposed to identify the most frequently repeated data and to define the corresponding data fields for them. Subsequently, a system of tables for filling out these fields was developed, together with global data directories and a technology for their synchronization.

EDI Standards

EDI is based on the following main standards:

UN/EDIFACT – United Nations Electronic Data Interchange for Administration, Commerce and Transport ("UN Rules for the Electronic Interchange of Documents for Government Administration, Commerce and Transport") – a fundamental global standard, deliberately redundant, containing the most common directories of international codes and message formats, expanded to satisfy all possible user requests.

UN/CEFACT – the UN/EDIFACT standard adapted by the United Nations Centre for Trade Facilitation and Electronic Business (CEFACT).

GS1 EANCOM– EDIFACT subset for retail- developed by the international GS1 association and supplemented by the use of key GS1 system identifiers,

GS1 XML– a modern message format used in supply chain communications within the GS1 system.

GS1 system is an international, global, diversified system of standards covering more than 100 countries. The GS1 system is the most widely used international supply chain standards system. Currently, over a million companies around the world use GS1 standards. National GS1 Associations provide support for the system in their countries and support for national languages ​​within the GS1 system.

The GS1 system architecture is based on key identifiers, the main ones being:

GTIN (Global Trade Item Number) – global trade item number – a unique identification number of a trade item in the GS1 system. This identifier is represented as a barcode symbol on the product packaging.

GLN(Global Location Number) - global location number - a unique number in the GS1 system to identify participants in the supply chain and their material, functional or legal objects (divisions) (branches/offices/warehouses/ramps, etc.). Used primarily in EDI to efficiently identify all objects related to deliveries.

SSCC (Serial Shipping Container Code) – serial code of transport packaging (SKTU) – a unique identifier of a logistics (transport) unit. SSCC is very convenient for marking goods to be transported.

The key GS1 system identifiers are:

· unique – the method of generating numbers ensures the uniqueness of each number;

· international – these numbers are unique throughout the world;

· diversified – the non-significant nature of the numbers allows any object to be identified consistently, regardless of the type of business activity;

· simple in structure – the structure of the numbers allows the processing and transmission of data to be automated.

GLN number is a global unique digital code that identifies a participant in the supply chain (the counterparty or its structural unit or facility).

The assignment of GLNs is governed by GS1 standards to ensure that each individual number is unique throughout the world. To obtain a GLN number, an enterprise must become a member of the national GS1 association (in the Russian Federation, such an organization is GS1 Russia - GS1 RUS.).

GLN identification numbers are widely used daily by more than 200,000 companies engaged in various types of business activities.

To transition to using EDI technology, it is necessary to connect partners to a specialized commercial messaging platform (e-commerce platform), use tools for converting messages to a standard format and transmitting “standardized” messages to the addressee. This interaction scheme allows you to connect to EDI once and uniformly exchange messages with all partners, rather than create and configure a method for exchanging documents with each counterparty.

Integration of systems, transformation and transmission of messages between partners is carried out by specialized companies - authorized EDI providers. The provider provides its clients with a reliable channel for transmitting messages to all counterparties (access to its commercial messaging platform) and maintains the agreed level of service. The participation of an authorized provider is important, because this guarantees both a high technical level of the services provided and the level of service, as well as compliance of the services with GS1 standards, which in turn makes it possible to roam with other providers (including international ones).

To start exchanging documents via EDI you need to:

· obtain a GLN number;

· select a connection option (full integration or Web-EDI),

· make a connection,

· start working.

Popular Applications:

· Distribution,

· Retail,

· Warehouse management,

· Transport,

· Banking sector and cash flow management.

Conclusion

Unlike a handwritten signature, an electronic digital signature is not physical, but logical in nature - it is simply a sequence of characters that allows you to uniquely link the person who signed the document, the contents of the document and the owner of the electronic signature. The logical nature of an electronic signature makes it independent of the material nature of the document. With its help, you can sign documents of an electronic nature (executed on magnetic, optical, crystalline and other media, distributed in computer networks, etc.).

According to the Law, the electronic signature must solve the following tasks: protecting an electronic document from forgery, establishing the absence of distortions of information in the electronic document, and identifying the owner of the signing key certificate (Article 3).

Thus, the electronic signature must provide identification (the document is signed by a certain person) and authentication (the content has not changed since the moment it was signed) of the electronic document.

This lecture discusses only the basic concepts, principles of formation, giving legal authority to an electronic signature. Students will learn more about electronic signatures as part of their study of the discipline “Fundamentals of Information Security in the Department of Internal Affairs.”

Control questions

1. The concept of electronic signature (ES).

2. History of the emergence of the concept of electronic signature.

3. Regulatory documents regulating electronic signature.

4. Types of electronic signature.

5. Functions of the Certification Authority.

6. Electronic signature verification key certificate.

7. Technology of EP formation.

8. The concept of a hash function.

9. Electronic data interchange.


Lecture 7.

Electronic signature

Introduction

Study questions:

1. Purpose and application of an electronic signature.

2. Types of electronic signature, its legal validity.

3. Technology for generating an electronic signature.

4. Electronic data exchange.

Conclusion

Introduction

When exchanging electronic documents over a communication network, the costs of processing and storing documents are significantly reduced, and their retrieval is speeded up. But this raises the problem of authenticating the author of the document and the document itself, i.e. establishing the authenticity of the author and the absence of changes in the received document. In conventional (paper-based) document handling, these problems are solved by the fact that the information in the document and the handwritten signature of the author are strictly linked to the physical medium (paper). There is no such link in electronic documents on machine media.

When processing documents in electronic form, traditional methods of establishing authenticity using a handwritten signature and stamp on a paper document are completely unsuitable. A fundamentally new solution is electronic digital signature (EDS).

Purpose and use of electronic signature.

An electronic digital signature is a requisite (attribute) of an electronic document that makes it possible to establish the absence of distortion of information in the electronic document from the moment of its formation and to verify that the signature belongs to the owner of the electronic key certificate. The value of the attribute is obtained as a result of a cryptographic transformation of information using the private key of the electronic signature.

In Russia, Federal Law No. 63-FZ of April 6, 2011 replaced the name "electronic digital signature" with the words "electronic signature" (abbreviation "EP").

An electronic signature is intended to identify the person who signed the electronic document. In addition, using an electronic signature provides:

· control of the integrity of the transmitted document: in case of any accidental or intentional change to the document, the signature becomes invalid, because it is calculated from the original state of the document and corresponds only to it;

· protection against changes (forgery) of the document: the guarantee that forgery will be detected during integrity control makes forgery impractical in most cases;

· evidence of the authorship of the document: since a correct signature can be created only by knowing the private key, and it should be known only to the owner, the owner of the key pair can prove his authorship of the signature under the document. Depending on the details of the document definition, fields such as "author", "changes made", "time stamp", etc. may be signed.

All these properties of EP allow it to be used for the following purposes:

· Declaration of goods and services (customs declarations).

· Registration of real estate transactions.

· Use in banking systems.

· E-commerce and government orders.

· Monitoring the execution of the state budget.

· In systems of appeal to authorities.

· For mandatory reporting to government agencies.

· Organization of legally significant electronic document flow.

· In settlement and trading systems.

History of origin

In 1976, Whitfield Diffie and Martin Hellman first proposed the concept of "electronic digital signature", although they only assumed that digital signature schemes could exist.

In 1977, Ronald Rivest, Adi Shamir, and Leonard Adleman developed the RSA cryptographic algorithm, which can be used to create primitive digital signatures without additional modifications.

Soon after RSA, other digital signatures were developed, such as the Rabin and Merkle digital signature algorithms.

In 1984, Shafi Goldwasser, Silvio Micali, and Ronald Rivest were the first to rigorously define the security requirements for digital signature algorithms. They described models of attacks on digital signature algorithms, and also proposed a GMR scheme that meets the described requirements.

Russia

In 1994, the Main Directorate of Communications Security of the Federal Agency for Government Communications and Information under the President of the Russian Federation developed the first Russian digital signature standard, GOST R 34.10-94 "Information technology. Cryptographic information protection. Procedures for developing and verifying an electronic digital signature based on an asymmetric cryptographic algorithm."

In 2002, to ensure greater cryptographic strength of the algorithm, the standard GOST R 34.10-2001 of the same name, based on calculations in a group of elliptic curve points, was introduced instead of GOST R 34.10-94. According to this standard, the terms "electronic digital signature" and "digital signature" are synonyms.

On January 1, 2013, the GOST R 34.10-2001 of the same name was replaced by GOST R 34.10-2012 “Information technology. Cryptographic information protection. Processes of formation and verification of electronic digital signatures.”

The Federal Law "On Electronic Signature" No. 63-FZ dated 04/06/2011 regulates relations in the field of:

· use of electronic signatures when making civil transactions;

· provision of state and municipal services;

· execution of state and municipal functions;

· performance of other legally significant actions.

The Federal Law defines the concept of an electronic signature and establishes:

1. Its types and the requirements for the electronic signature tools with the help of which the following are created and verified:

· the electronic signature,

· the electronic signature key,

· the electronic signature verification key.

2. Requirements for certification centers performing the functions of creating and issuing certificates of keys for verifying electronic signatures.

The explanatory note to the draft law on electronic signatures provided disappointing statistics indicating the low prevalence of digital signatures in Russian business.

As of February 2007, about 200,000 EDS key certificates were issued in Russia, which is only 0.2% of the country's population.

It is noted that in Europe, over a similar period of time from the entry into force of EU Directive No. 1999/93/EC of December 13, 1999 "On general principles of electronic signatures", enhanced electronic signatures were used by about 70% of the population.

The new Federal Law “On Electronic Signatures” (ES) is designed to soften the too stringent requirements for EDS regulated by the Federal Law of January 10, 2002 “On Electronic Digital Signatures” (EDS).

In particular, the latter allowed the use of only one identification technology (asymmetric electronic signature keys), which also required the mandatory presence of a certificate from a certification authority.

According to the provisions of the new law, certification centers are not required to be licensed; they can undergo accreditation, and then only on a voluntary basis. Accreditation will be carried out by an authorized body appointed by the government, which will also organize the work of the root center.

For accreditation, a Russian or foreign entity must have net assets worth at least 1 million rubles and financial guarantees for payment of compensation to affected clients in the amount of 1.5 million rubles, have at least two IT specialists with higher vocational education, and go through the confirmation procedure with the FSB.

"Budget institutions: audits and inspections of financial and economic activities", 2011, N 8

At the present stage of development of Russian society, new high-performance information and telecommunication technologies are being actively introduced into the processes of everyday activities. The process of exchanging electronic documents differs significantly from the exchange of documents on paper, since there is a problem of confirming the authenticity of the information contained in them and its compliance with the meaning of a person’s will, which is solved by using an electronic signature. Electronic signatures are widely used in the activities of state (municipal) institutions, both in the provision of state (municipal) services, interaction with Federal Treasury authorities, reporting, and in a number of other cases.

On 04/08/2011, Federal Law No. 63-FZ dated 04/06/2011 “On Electronic Signatures” (hereinafter referred to as Federal Law No. 63-FZ) came into force, regulating relations in the field of using electronic signatures when making civil transactions, providing government and municipal services, performing state and municipal functions, and performing other legally significant actions. In connection with its publication, from July 1, 2012, the Federal Law of January 10, 2002 No. 1-FZ “On Electronic Digital Signature” (hereinafter referred to as Federal Law No. 1-FZ) will cease to apply.

What are the reasons for the adoption of the new Law?

Federal Law No. 1-FZ has conceptual, legal and technical shortcomings that have not made it possible to provide legal conditions for the widespread use of electronic digital signatures in the Russian Federation, in particular:

  • the use of a single electronic digital signature technology (based on the so-called asymmetric signature key technology) leads to the need to use a single hierarchical system of certification centers and obliges the use of certified electronic digital signature tools;
  • the provisions of the Law do not correspond to the basic principles implemented in foreign legislation and international law in the legal regulation of electronic signatures, such as "technological neutrality" of legislation, legal recognition of various types of electronic signature, free use of electronic signature means, and accreditation of certification centers;
  • the scope of regulation of the Law is insufficient: it excludes relations both involving the use of other types of electronic signatures and those that are not civil law transactions;
  • Electronic digital signature of legal entities is not allowed.

These shortcomings do not allow the provisions of Federal Law N 1-FZ to be widely used in law enforcement practice. The adopted Federal Law N 63-FZ is aimed at eliminating the above shortcomings, expanding the scope of use and the acceptable types of electronic signatures. At the same time, it preserves the existing practice of using an electronic digital signature.

What types of electronic signature are there?

According to Art. 2 of Federal Law N 63-FZ electronic signature is information in electronic form that is attached to or otherwise associated with other information in electronic form (signable information) and that is used to identify the person signing the information.

For reference. Article 3 of Federal Law No. 1-FZ characterizes an electronic signature as a requisite of an electronic document, intended to protect it from forgery, obtained as a result of cryptographic transformation of information using the private key of an electronic digital signature and allowing to identify the owner of the signature key certificate, as well as to establish the absence of distortion of information in an electronic document.

In accordance with Art. 5 of Federal Law N 63-FZ, an electronic signature can be of two types: simple and enhanced. In turn, an enhanced electronic signature can be unqualified or qualified. It should be noted that Federal Law No. 1-FZ does not provide for a similar division, as we mentioned above.

Simple electronic signature. A simple electronic signature is an electronic signature that, through the use of codes, passwords or other means, confirms the fact of the formation of an electronic signature by a certain person (Clause 2 of Article 5 of Federal Law No. 63-FZ).

An electronic document is considered signed with a simple electronic signature if one of the following conditions is met (Clause 1, Article 9 of Federal Law No. 63-FZ):

  • a simple electronic signature is contained in the electronic document itself;
  • a simple electronic signature key (a unique sequence of characters intended for creating an electronic signature) is used in accordance with the rules established by the operator of the information system using which the creation and (or) sending of an electronic document is carried out, and the created and (or) sent electronic document contains information indicating the person on whose behalf the electronic document was created and (or) sent.

To use a simple electronic signature, as well as for the purpose of recognizing electronic documents as equivalent to documents on paper, agreements between participants in electronic interaction (regulatory legal acts) must necessarily provide for:

  • rules for determining the person signing an electronic document by his simple electronic signature;
  • the obligation of the person creating and (or) using the simple electronic signature key to maintain its confidentiality.

Let us recall that an electronic document is documented information presented in electronic form, that is, in a form suitable for human perception using electronic computers, as well as for transmission over information and telecommunication networks or processing in information systems (Article 2 of the Federal Law of July 27, 2006 N 149-FZ "On Information, Information Technologies and Information Protection").

Note! It is not allowed to use a simple electronic signature to sign electronic documents containing information constituting a state secret, or in an information system containing information constituting a state secret (clause 4 of article 9 of Federal Law N 63-FZ).

Enhanced electronic signature. Unlike a simple one, an enhanced electronic signature is used in cases where, in accordance with current legislation or business customs, a document must not only be signed by the head of a state (municipal) institution (a person authorized by him), but also certified by a seal (clause 3 of Art. 6 of Federal Law N 63-FZ).

As already noted, an enhanced electronic signature can be unqualified or qualified.

Unqualified signature:

  • obtained as a result of cryptographic transformation of information using an electronic signature key;
  • allows the person who signed the electronic document to be identified;
  • allows the fact of changes being made to the electronic document after its signing to be detected, and is created using electronic signature tools.

Qualified signature:

  • meets all the criteria of an unqualified electronic signature;
  • its verification key is listed in a qualified certificate;
  • to create and verify it, tools are used that have received confirmation of compliance with the requirements established in accordance with Federal Law N 63-FZ.

In accordance with Art. 10 of Federal Law N 63-FZ, when using enhanced electronic signatures, it is necessary to:

  • ensure the confidentiality of electronic signature keys, in particular, prevent the use of electronic signature keys belonging to an institution without its consent;
  • notify the certification center that issued the electronic signature verification key certificate and other participants in electronic interaction about a violation of the confidentiality of the electronic signature key within no more than one business day from the date of receipt of information about such a violation;
  • do not use the electronic signature key if there are reasons to believe that its confidentiality has been violated;
  • use electronic signature tools that have received confirmation of compliance with the requirements to create and verify qualified electronic signatures, create keys for qualified electronic signatures and keys for their verification.

Are electronic documents recognized as equivalent to paper documents?

Information in electronic form, signed with a qualified electronic signature, is recognized as an electronic document equivalent to a paper document signed with a handwritten signature, except in cases where the law establishes a requirement for the need to draw up a document exclusively on paper. In addition, regulations or an agreement between participants in electronic interaction may provide for additional requirements for an electronic document in order to recognize it as equivalent to a paper document certified by a seal.

A qualified signature is recognized as valid until otherwise determined by the court if the following conditions are met (Article 11 of Federal Law No. 63-FZ):

  • a qualified certificate was created and issued by an accredited certification center, the accreditation of which is valid on the day of issue of the specified certificate;
  • a qualified certificate is valid at the time of signing the electronic document (if there is reliable information about the moment of signing the electronic document) or on the day of checking the validity of the specified certificate, if the moment of signing the electronic document is not determined;
  • there is a positive result of checking that the owner of the qualified certificate has a qualified electronic signature with which the electronic document was signed, and the absence of changes in this document after its signing is confirmed;
  • a qualified electronic signature is used subject to the restrictions contained in the qualified certificate of the person signing the electronic document (if such restrictions are established).

In accordance with paragraph 2 of Art. 6 of Federal Law N 63-FZ, an electronic document signed with a simple or unqualified electronic signature is recognized as equivalent to a paper document signed with a handwritten signature, in cases established by law or an agreement between participants in electronic interaction. Moreover, these agreements or regulations must provide for the procedure for verifying an electronic signature, and also comply with the requirements established in Art. 9 of Federal Law No. 63-FZ.

How to obtain electronic signature facilities?

To create and verify an electronic signature, create an electronic signature key and an electronic signature verification key, electronic signature tools must be used, which (clause 1 of Article 12 of Federal Law No. 63-FZ):

  • allow you to establish the fact of changes in a signed electronic document after its signing;
  • provide the practical impossibility of calculating the electronic signature key from the electronic signature or its verification key.

To obtain electronic signature tools and conclude an agreement for their servicing, an institution must contact one of the certification centers. Let us recall that a certification center is a legal entity or individual entrepreneur that performs the functions of creating and issuing certificates of keys for verifying electronic signatures, as well as other functions (Article 2 of Federal Law No. 63-FZ). The tasks of the certification authority are to create and issue certificates based on an agreement between the certification authority and the applicant. In addition, the certification center (clause 1 of article 13 of Federal Law No. 63-FZ):

  • establishes validity periods for electronic signature verification key certificates;
  • cancels the electronic signature verification key certificates issued by this certification center;
  • issues, at the request of the applicant, electronic signature tools containing an electronic signature key and an electronic signature verification key (including those created by a certification center) or providing the ability to create an electronic signature key and an electronic signature verification key by the applicant;
  • maintains a register of electronic signature verification key certificates issued and revoked by this certification center, including information contained in the electronic signature verification key certificates issued by this certification center, and information on the dates of termination or cancellation of electronic signature verification key certificates and the grounds such termination or cancellation;
  • establishes the procedure for maintaining the register of certificates that are not qualified, and the procedure for accessing it, and also ensures access of persons to the information contained in the register of certificates, including using the Internet;
  • creates electronic signature keys and electronic signature verification keys at the request of applicants;
  • checks the uniqueness of electronic signature verification keys in the certificate registry;
  • carries out verification of electronic signatures upon requests from participants in electronic interaction;
  • carries out other activities related to the use of electronic signatures.

For example, provision of electronic signature means for the purpose of posting information about orders on the official website of the Russian Federation on the Internet for posting information about orders for the supply of goods, performance of work, provision of services is carried out by the Federal Treasury. The procedure for providing an electronic signature in this case is regulated by Order of the Ministry of Economic Development of Russia N 647, Federal Treasury N 22n dated December 14, 2010 “On approval of the Procedure for registering users on the official website of the Russian Federation on the Internet for posting information on placing orders for the supply of goods, performance of work, provision of services" (hereinafter - the Procedure). Thus, to obtain key certificates, it is necessary to submit to the territorial body of the Federal Treasury at the location of the institution on paper (and, if technically possible, in the form of an electronic document) in one copy:

  • information about the organization in the form given in Appendix 1 to the Letter of the Treasury of the Russian Federation dated March 14, 2011 N 42-7.4-05/10.0-160. It is prohibited to include information constituting a state secret in the specified form;
  • Card of sample signatures for personal accounts (according to form 0531753, approved by Order of the Federal Treasury dated October 7, 2008 N 7n “On the procedure for opening and maintaining personal accounts by the Federal Treasury and its territorial bodies” (hereinafter referred to as Order N 7n));
  • a copy of the constituent document (charter), certified by the founder or notarized. Its presentation is not required from state authorities (local government bodies) or their territorial bodies, federal government institutions that do not have their own regulations (charter) and act on the basis of general regulations (charter), territorial state extra-budgetary funds, or a state corporation (state company);
  • a copy of the document on state registration of a legal entity, certified by the founder or notary or by the body that carried out the state registration;
  • a copy of the certificate of registration of a legal entity with the tax authority, certified by a notary or by the tax authority that issued it;
  • a copy of the regulatory legal act of a constituent entity of the Russian Federation on the creation of the corresponding territorial state extra-budgetary fund (only for territorial state extra-budgetary funds). This copy does not need to be certified;
  • a copy of the document on opening an account with a credit institution, to which the funds of the participants in placing an order, issued by the relevant credit institution, must be transferred, certified by a notary, if the relevant organization has not opened a personal account with the Federal Treasury (for a state corporation, state company, unitary enterprise, an organization that has a share of state participation, a subject of a natural monopoly).

How is an electronic signature used when working with Federal Treasury authorities?

According to clause 1.3 of the Procedure for cash services for the execution of the federal budget, budgets of the constituent entities of the Russian Federation and local budgets and the procedure for the implementation by the Federal Treasury of certain functions of the financial bodies of the constituent entities of the Russian Federation and municipalities for the execution of the relevant budgets, approved by Order of the Federal Treasury dated October 10, 2008 N 8n, information exchange between state (municipal) institutions and the Federal Treasury or bodies of the Federal Treasury is carried out in electronic format using electronic signature means in accordance with the legislation of the Russian Federation, on the basis of an agreement on the exchange of electronic documents concluded between institutions and the Federal Treasury, and the requirements established by the legislation of the Russian Federation.

When the Federal Treasury bodies conclude agreements on the exchange of electronic documents with the main managers, managers, recipients, revenue administrators, financial authorities at all levels of the budget system of the Russian Federation, it is recommended to use the attached sample agreement on the exchange of electronic documents (see Letter of the Federal Treasury dated March 20, 2007 N 42-7.1-17/10.1-102 "On a sample agreement on the exchange of electronic documents").

Federal Treasury authorities, when accepting payment documents submitted electronically in accordance with the agreement on the exchange of electronic documents, verify the signature of the person signing the electronic payment document against its sample using a public key certificate of an electronic signature issued in the prescribed manner to the person signing the electronic payment documents. In this case, an electronic payment document can be signed simultaneously by several electronic signatures of persons who have received a certificate in accordance with the established procedure and the agreement.

Is it possible to use an electronic signature when providing state and municipal services?

The procedure for using information and telecommunication technologies in the provision of state and municipal services is established by Art. Art. 21.1, 21.2 of Federal Law No. 210-FZ of July 27, 2010 “On the organization of the provision of state and municipal services” (hereinafter referred to as Federal Law No. 210-FZ).

State and municipal services are provided in electronic form if they are included in the list established by the Government of the Russian Federation. The highest executive body of state power of a constituent entity of the Russian Federation has the right to approve an additional list of services provided in a constituent entity of the Russian Federation by state and municipal institutions and other organizations that place the state assignment (order) of a constituent entity of the Russian Federation or a municipal task (order), subject to inclusion in the register of state or municipal services and provided in electronic form.

Applications for and provision of state or municipal services can be carried out using electronic documents signed with an electronic signature in accordance with the requirements of Federal Law N 63-FZ.

Rules for the use of simple electronic signatures in the provision of state and municipal services, including rules for the creation and issuance of simple electronic signature keys, and a list of bodies and organizations entitled to create and issue simple electronic signature keys for the purpose of providing state and municipal services, are established by the Government of the Russian Federation and must provide, among other things (Article 21.2 of Federal Law N 210-FZ):

  • requirements that simple electronic signatures and (or) technologies for their creation must meet;
  • methods of identifying a person when issuing him a simple electronic signature key in order to receive state and municipal services.

According to paragraph 2 of Art. 21.2 of Federal Law N 210-FZ, when providing state and municipal services using simple electronic signatures, the following must be ensured:

  • the possibility of free receipt by any person of simple electronic signature keys for use in obtaining state and municipal services;
  • no need for individuals and legal entities to use software and hardware specifically designed for receiving state and municipal services using simple electronic signatures.

Please note that the government services portal (www.gosuslugi.ru) is currently operating on a test basis, where you can receive some government services electronically.

Yu. Vasiliev

CEO

Electronic digital signature is the basis of electronic document management using modern information technologies. It is an integral part of the work of such projects as “Bank-Client” (remote-access automated banking systems), payment systems based on smart cards, electronic Internet payment systems, etc.

What is a digital electronic signature system?

The main purpose of an electronic digital signature, which is a special mathematical scheme, is to confirm the authenticity of electronic documents or messages. A secure digital signature guarantees the recipient that the document was created by the sender and was not modified during transmission.

Electronic digital signatures are actively used in financial transactions, for software distribution, as well as in other projects that require confirmation of the authenticity of an electronic message.

It is worth distinguishing between the concepts of “digital signature” and “electronic signature”. The first term is broader in scope, since it applies to any electronic data. However, not all electronic signatures are digital.

Digital signatures use asymmetric cryptography. They are designed to protect electronic messages transmitted over an insecure channel. A digital signature, created according to the rules, guarantees that the message was sent by the originator. In fact, a digital signature and seal is a full-fledged substitute for physical seals and manual signatures. The difference is that digital ones are harder to counterfeit.

One of the areas of application of electronic digital signature is confirmation of the authenticity of messages and documents transmitted via e-mail using a cryptographic protocol. The digital signature is based on the principle of non-repudiation, according to which the person who signed the document cannot prove that he did not sign the sent message.

The role of digital signatures in e-commerce and document flow

The popularity of EP is growing steadily. Company managers want to reduce the workload of their employees and reduce the volume of paperwork. After all, with the help of digital signatures, other employees will be able to sign documents much faster, which will reduce downtime and ensure increased efficiency of business processes in the organization.

The Federal Law “On Electronic Digital Signature” defines digital signature as equivalent in legal force to a handwritten signature and a physical seal on a traditional paper document. This allows organizations in various industries and areas of activity to actively use it in electronic document management.

But the scope of application of EDS is not limited to this. It is also used to confirm the authorship, integrity, authenticity and currency of any emails and allows you to check whether any changes were made to the transmitted document by unauthorized people.

The acceleration of all processes in life and business forces company owners to optimize organizational processes and implement various automation systems. E-commerce is one such tool. To participate in the auction you need an electronic digital signature, which allows you to:

  • guarantee the authenticity of electronic documents uploaded by participants;
  • organizers sign competitions, auctions and applications;
  • sign bids at auctions;
  • use electronic documents as well as paper ones;
  • ensure the authenticity and integrity of electronic documents and prevent their forgery;
  • avoid the occurrence of controversial situations due to incorrect sending of documents and submission of applications.

The use of digital technologies in e-commerce may lead to fundamental changes in the practice of business negotiations in the near future. First of all, through the use of digital communication channels and reducing communication costs. Thus, an electronic digital signature provides small and medium-sized business owners with access to international e-commerce markets.

In the recent past, fax was used to exchange messages or documents. Securities were also sent by mail or courier service. Now you can send all the necessary documentation that has the appropriate legal force in the shortest possible time and without intermediaries. After all, an electronic digital signature in document management completely replaces a handwritten one and confirms its authenticity, ensuring that the document has not been amended by unauthorized users.

The economic feasibility of switching to the exchange of electronic documents is obvious: in this form it is easier to store and transmit them. To do this, you just need to issue an electronic digital signature at one of the special certification centers.

Another advantage of electronic document management is the high degree of protection of transmitted data. For digital signature, a special crypto provider with a qualified certificate is used. Its maximum protection is provided by special hardware and software complexes (I-Token keys or smart cards), which contain secure storage for using PIN codes when working with a qualified certificate. If several unsuccessful attempts are made to enter the PIN code, the certificate is blocked and stops working.

Features of using an electronic digital signature

Before using digital signature to endorse documents, you must consider the following:

  1. The authenticity of the signature can be verified based on publicly available data. In this case, it is created from a fixed message and a private key of an electronic digital signature.
  2. It is impossible to forge or guess a signature without a private key.

The use of digital signature is appropriate and relevant not only in organizing document flow of legal entities (to certify the authenticity, authorship, identity and status of documents), but also individuals. For example, it can be used to confirm informed consent or approval by one of the signatories of the contract.

An electronic digital signature is used to authenticate the source of a letter. This is because even if the document has all the necessary information, it is difficult to guarantee the authenticity of the sender. The electronic digital signature key is assigned to a specific user. This mechanism guarantees that the letter was sent by the owner of the digital signature. This is especially true for financial and banking organizations.

Another area of application of digital signature is confirmation that the letter was delivered intact and that no changes were made to it by attackers during transmission. Encryption using a digital signature key does not provide 100% protection against changes to the original message by unauthorized users. But when decrypting the letter, the addressee will be informed if the integrity of the letter has been compromised. This is because any modification of a message signed with an electronic digital signature invalidates the signature. To sign a changed document again, the attacker would need access to the private key. Therefore, the likelihood of such a development is extremely low.

Also, an electronic digital signature is one of the effective tools to confirm the origin of a document or message. That is, an electronic digital signature for legal entities is a guarantee of non-repudiation or the impossibility of denying the fact that an organization has signed an electronic document. This principle of digital signature operation is also applicable to individuals.

It is worth keeping in mind that the authenticity and reliability of a letter signed with an electronic digital signature is only possible if the secret key is not revoked before use. In this case, public keys are canceled simultaneously with secret ones. Upon prior request, the electronic signature is checked for the likelihood of revocation.

Any cryptosystems based on the use of a public or private key directly depend on the degree of secrecy of this data. The user can store the electronic digital signature key on his work computer, protecting it with a password. But this option has its drawbacks:

  • documents can only be signed on the computer of the digital signature owner;
  • the safety of digital signature data directly depends on the security of the user’s working computer.

It is much more secure to store the private key on smart cards, since most of them have a high degree of protection against changes by unauthorized users.

To activate a smart card, the user enters a special PIN code. This two-factor authentication scheme provides additional protection for the electronic digital signature. In case of theft or loss of a smart card, in order to activate it and use the digital signature, you will also need to enter a PIN code, which reduces the degree of security of this scheme. It is encouraging that the digital signature keys located on smart cards exist in a single copy and cannot be copied. Therefore, the owner of an electronic digital signature, upon discovering a loss, can quickly block their action. Keys stored on the user's computer are much easier to copy, and the fact of information leakage is more difficult to detect. Therefore, it is very important to apply additional protection for electronic digital signatures.

What algorithms are used in the electronic digital signature?

The digital signature scheme simultaneously includes three electronic digital signature algorithms:

  1. A key generation algorithm that selects a secret key uniformly and randomly from a set of possible private options. At the same time, secret and public keys are generated, which come in pairs.
  2. A signature algorithm that, based on a private key, signs an electronic message.
  3. A verification algorithm for an electronic digital signature, which, based on the public key, signature and message, determines the authenticity and decides on the possibility or impossibility of sending an email.

RSA digital signature algorithm.

One of the very first and most widespread digital signature systems works on the basis of the RSA algorithm. It all starts with calculating the public and private key. The sender of the email must choose two large prime numbers P and Q, then calculate their product N and the value of the function φ(N):

N = P * Q; φ(N) = (P - 1)(Q - 1).

Then you need to determine the value of E from the conditions:

E ≤ φ(N), GCD(E, φ(N)) = 1

and D value:

D < N, E * D ≡ 1 (mod φ(N)).

The numbers E and N constitute the public key. The author sends these values to the recipients of the email so that they can verify the electronic digital signature. Parameter D is the secret key with which the author signs the message. The operation of the algorithm is shown schematically in the figure:

Disadvantages of using the RSA algorithm to generate an electronic digital signature:

  1. Calculating the values of parameters N, E and D is a labor-intensive process, since it requires checking a large number of additional conditions. Moreover, if at least one of them is not fulfilled, there is a risk of forgery of an electronic digital signature.
  2. High resistance to falsification of digital signatures created using the RSA algorithm is ensured by significant computational costs (20-30% more than other algorithms).
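The RSA signature scheme described above, written out as an added example (this code is not from the lecture). It follows the lecture's notation: N = P * Q, φ(N) = (P - 1)(Q - 1), E coprime to φ(N), E * D ≡ 1 (mod φ(N)); the signature is h(M)^D mod N and the recipient checks S^E mod N = h(M). The primes P and Q, the use of SHA-256 as the hash function h, and the function names are assumptions of the example; the primes are toy-sized, and this "textbook" form has no padding, which real deployments (PSS or PKCS#1 v1.5) add.

```python
import hashlib
from math import gcd

# Toy RSA primes, constructed for the example.  Both are prime, but a
# 60-bit modulus is only for illustration; real keys are 2048 bits or more.
P = 1000000007
Q = 998244353


def rsa_keygen(p, q, e=65537):
    """Return ((E, N), D) as in the lecture:
    N = P*Q, phi(N) = (P-1)(Q-1), gcd(E, phi) = 1, E*D = 1 mod phi(N)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("E must lie in (1, phi(N)) and be coprime to phi(N)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), d


def h(message, n):
    """m = h(M): hash the message and reduce it below N so that it is a
    single block the signing exponentiation can act on."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(message, d, n):
    """S = h(M)^D mod N, computed by the holder of the secret key D."""
    return pow(h(message, n), d, n)


def rsa_verify(message, signature, e, n):
    """Accept iff S^E mod N equals the hash of the received message.
    The range check rejects values that are not valid residues mod N."""
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == h(message, n)


if __name__ == "__main__":
    (E, N), D = rsa_keygen(P, Q)
    msg = b"Payment order no. 17"            # constructed sample message
    sig = rsa_sign(msg, D, N)
    print("genuine message verifies:", rsa_verify(msg, sig, E, N))
    print("modified message verifies:", rsa_verify(b"Payment order no. 18", sig, E, N))
```

Because x → x^E mod N is a permutation of the residues mod N, any change to the signature value or to the message changes one side of the check and verification fails; this is the "fact of changes after signing" that an electronic signature tool must be able to establish.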

ElGamal Signature Algorithm (EGSA).

The main idea of this algorithm is the impossibility of forging an electronic digital signature. To achieve such a goal, it is necessary to solve a more complex computational problem, and not just factorize a large integer. In addition, the developer El-Gamal was able to eliminate the shortcomings of the RSA algorithm and prevent the risks of digital signature falsification without determining the secret key.

To generate a public and private key, you need to choose two prime integers P and G, provided that G < P. The sender and the addressee of an electronic document signed with an EDS use the same large non-secret numbers P (~10^308 ≈ 2^1024) and G (~10^154 ≈ 2^512). The sender takes a random integer X, 1 < X ≤ (P - 1), and computes: Y = G^X mod P.

Parameter Y is the public key used to verify the sender's electronic digital signature. Parameter X is the secret key used by the sender to sign electronic documents. To sign a message M, the sender first hashes it using the hash function h into an integer m: m = h(M), 1 < m < (P - 1), and generates a random integer K, 1 < K < (P - 1), such that K and (P - 1) are coprime. In the next step he computes the parameter a by the formula: a = G^K mod P. Then, using the extended Euclidean algorithm and the secret key X, he determines the integer b from: m = X * a + K * b (mod (P - 1)). The pair of numbers (a, b) forms the electronic digital signature S: S = (a, b).

The values of the parameters M, a and b are transmitted to the recipient, while the values of the numbers X and K are not disclosed. The recipient of the message first calculates the value of m using the formula: m = h(M). Next, the value of the number A = Y^a * a^b mod P is calculated. If A = G^m mod P, the message M is considered genuine.

A rigorous mathematical proof can be given that the last equality will be true when the signature S under the message M is calculated using exactly the secret key X from which the public key Y was obtained.

It is worth keeping in mind that to create each electronic digital signature, you need a new value of the number K, which is determined randomly.
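The ElGamal (EGSA) scheme from the preceding paragraphs, as an added example that is not part of the lecture. It uses the lecture's symbols P, G, X, Y, K, a, b: signing solves m = X * a + K * b (mod (P - 1)) for b with the inverse of K, and verification checks Y^a * a^b ≡ G^m (mod P). The modulus P = 1000000007 with G = 5, SHA-256 as h, and the function names are assumptions of the example; P is toy-sized compared with the ~1024-bit value the lecture gives. A fresh K is drawn for every signature, as the paragraph above requires.

```python
import hashlib
import secrets
from math import gcd

# Toy public parameters, constructed for the example.  P is prime and G is a
# generator of the multiplicative group mod P; real P is about 1024 bits.
P = 1000000007
G = 5


def h(message):
    """m = h(M), reduced into the range 1 < m < P - 1 required by the scheme."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return 2 + digest % (P - 3)


def elgamal_keygen():
    """Secret key X with 1 < X <= P - 1, public key Y = G^X mod P."""
    x = 2 + secrets.randbelow(P - 2)
    return x, pow(G, x, P)


def elgamal_sign(message, x):
    """S = (a, b) with a = G^K mod P and m = X*a + K*b (mod P-1)."""
    m = h(message)
    while True:
        # fresh K with 1 < K < P - 1 and gcd(K, P - 1) = 1, so K is invertible
        k = 2 + secrets.randbelow(P - 3)
        if gcd(k, P - 1) == 1:
            break
    a = pow(G, k, P)
    # b = (m - X*a) * K^-1 mod (P - 1), the extended-Euclid step of the lecture
    b = ((m - x * a) * pow(k, -1, P - 1)) % (P - 1)
    return a, b


def elgamal_verify(message, signature, y):
    """Accept iff Y^a * a^b = G^m (mod P).  The range checks on a and b
    reject malformed values before any exponentiation."""
    a, b = signature
    if not (0 < a < P and 0 <= b < P - 1):
        return False
    m = h(message)
    return (pow(y, a, P) * pow(a, b, P)) % P == pow(G, m, P)


if __name__ == "__main__":
    x, y = elgamal_keygen()
    msg = b"Contract no. 5 of 2018"           # constructed sample message
    s = elgamal_sign(msg, x)
    print("genuine:", elgamal_verify(msg, s, y))
    print("modified:", elgamal_verify(b"Contract no. 6 of 2018", s, y))
```

The identity behind the check is G^m = G^(X*a + K*b) = (G^X)^a * (G^K)^b = Y^a * a^b (mod P); note that signing the same message twice yields different (a, b) pairs because K changes each time.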

The EGSA algorithm is a classic example of how a message is delivered in clear form along with an authenticator (a, b). The difference between the ElGamal algorithm and the RSA algorithm:

  1. With a similar degree of resistance, the EGSA algorithm works on integers that are 25% shorter than similar numbers in the RSA algorithm. This reduces the computation time by an average of 2 times.
  2. It is easy to calculate the modulus P, you just need to make sure that the number is prime and the number (P - 1) has a large prime factor.
  3. The EGSA algorithm does not allow you to put an electronic digital signature on new messages without knowing the secret key.
  4. A signature created using the EGSA algorithm is 1.5 times larger than a signature generated using the RSA scheme.

DSA digital signature algorithm.

The DSA (Digital Signature Algorithm) is an improved version of the EGSA and K. Schnorr digital signature algorithms. The sender and recipient of an email compute large integers G and P (prime numbers of L bits each, 512 ≤ L ≤ 1024) and q, a prime number 160 bits long that divides (P - 1). The numbers P, G, q are public and can be shared by users. The sender chooses a random integer X, the secret key of the electronic digital signature, with 1 < X < q. Then he computes the public key Y by the formula: Y = G^X mod P. To sign a message M, the sender hashes it into an integer hash value m: m = h(M), 1 < m < q, then chooses a random integer K such that 1 < K < q and computes the parameter r by the formula: r = (G^K mod P) mod q. Next he finds the number s by the formula: s = ((m + r * X) / K) mod q.

The pair of numbers S = (r, s) forms the electronic digital signature. The recipient checks whether the conditions 0 < r < q, 0 < s < q are met. If at least one of them fails, the authenticity of the EDS is not confirmed. If all conditions hold, the addressee computes w = (1/s) mod q, the hash value m = h(M) and the numbers u1 = (m * w) mod q, u2 = (r * w) mod q. Then, using the public key Y, he computes v by the formula: v = ((G^u1 * Y^u2) mod P) mod q. The signature S is considered genuine if the equality v = r holds.

A mathematical proof can be given that the last equality will be true when the signature S under the message M is calculated using exactly the private key X from which the public key Y was obtained.
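The DSA procedure described above, as an added example that is not part of the lecture. It uses the lecture's symbols P, q, G, X, Y, K, r, s, w, u1, u2, v, and goes one step further than the text by also constructing the domain parameters: q is a prime, P = k * q + 1 is found with a Miller-Rabin primality test, and G = h^((P - 1) / q) mod P is taken with G ≠ 1 so that G has order exactly q. The choice q = 2^61 - 1 (a known prime, shorter than the 160-bit q the lecture specifies), SHA-256 as h, and the function names are assumptions of the example.

```python
import hashlib
import secrets


def is_probable_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in bases:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def dsa_params(q):
    """Find a prime P = k*q + 1 and G of order q in the group mod P."""
    k = 2                                   # k must be even so that P is odd
    while not is_probable_prime(k * q + 1):
        k += 2
    P = k * q + 1
    for hh in range(2, P):
        G = pow(hh, k, P)                   # G = hh^((P-1)/q) mod P
        if G != 1:
            return P, G


q = (1 << 61) - 1                           # toy q: the Mersenne prime 2^61 - 1
P, G = dsa_params(q)


def h(message):
    """m = h(M) reduced mod q, as the scheme works in the subgroup of order q."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % q


def dsa_keygen():
    """Secret key 1 < X < q, public key Y = G^X mod P."""
    x = 2 + secrets.randbelow(q - 2)
    return x, pow(G, x, P)


def dsa_sign(message, x):
    """S = (r, s): r = (G^K mod P) mod q, s = (m + r*X) * K^-1 mod q.
    A zero r or s would make the signature unverifiable, so K is redrawn."""
    m = h(message)
    while True:
        k = 2 + secrets.randbelow(q - 2)    # fresh 1 < K < q for every signature
        r = pow(G, k, P) % q
        if r == 0:
            continue
        s = (pow(k, -1, q) * (m + r * x)) % q
        if s != 0:
            return r, s


def dsa_verify(message, signature, y):
    """Reject out-of-range r or s, then check v = r with
    w = s^-1 mod q, u1 = m*w, u2 = r*w, v = ((G^u1 * Y^u2) mod P) mod q."""
    r, s = signature
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    m = h(message)
    u1 = (m * w) % q
    u2 = (r * w) % q
    v = ((pow(G, u1, P) * pow(y, u2, P)) % P) % q
    return v == r


if __name__ == "__main__":
    x, y = dsa_keygen()
    msg = b"Budget transfer order 42"       # constructed sample message
    sig = dsa_sign(msg, x)
    print("genuine:", dsa_verify(msg, sig, y))
    print("modified:", dsa_verify(b"Budget transfer order 43", sig, y))
```

The equality v = r holds because s = K^-1 (m + r X) mod q gives K = u1 + u2 X mod q, so G^u1 * Y^u2 = G^(u1 + u2 X) = G^K mod P (G has order q). The range checks on r and s are the conditions the lecture lists and are what keeps a verifier from processing a degenerate signature such as s = 0.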

Advantages of the DSA algorithm compared to the EGSA algorithm:

  1. The length of an electronic digital signature created using the DSA algorithm is significantly shorter than that of a signature generated using the EGSA algorithm. However, the level of security strength is the same.
  2. The DSA signature computation time is less than that of the EGSA algorithm.

The disadvantages of the DSA algorithm include the need to carry out complex division operations modulo q to verify the authenticity of an electronic digital signature. In practice, the DSA algorithm can be accelerated by performing preliminary calculations. It is worth noting that the value of r is independent of message M and its hash value m.

What types of electronic digital signatures are endowed with legal force?

The Federal Law “On Electronic Signatures” No. 63-FZ distinguishes two types of electronic signatures: simple and enhanced. Enhanced signatures can be qualified or unqualified.

Simple digital signature.

To create such a signature, passwords, codes and other means are used. A simple electronic digital signature is a tool for confirming the authenticity of electronic data by the sender. It is considered valid if the following conditions are met:

  • the electronic document is signed with an electronic signature;
  • the electronic signature key was created in accordance with the requirements of the information system with the help of which electronic messages were certified and sent by the sender.

In regulatory and legal documents, as well as contracts, participants must define the basic rules for the use of a simple electronic digital signature:

  • mechanism for identifying the author of a signature in an electronic document;
  • mandatory compliance with confidentiality requirements when using electronic signatures by responsible persons;
  • compliance with the requirements of Federal Law No. 63-FZ regarding the use of a simple electronic digital signature;
  • impossibility of applying digital signature to secret government documents.

Reinforced unqualified electronic signature.

To create such a signature, a cryptographic program is used that operates on the basis of an electronic digital signature key. A strengthened unqualified signature allows you to determine the originator of the document who signed it and the presence of changes in the letter after it was signed. The use of an unqualified electronic signature allows you not to use an electronic digital signature key certificate (subject to compliance with the requirements of the law, other regulatory documents and agreements between the sender and the addressee).

Enhanced qualified digital signature.

The peculiarity of this type of electronic digital signature is the presence of a special verification key contained in a qualified certificate. The generation and verification of an enhanced qualified digital signature occurs using special electronic signature tools that meet the requirements of Federal Law No. 63-FZ.

Paper documents with a handwritten signature and electronic documents with an enhanced qualified signature have the same legal force (except for cases that recognize exclusively a handwritten signature, as provided for in law). The law also allows for the establishment in regulations and agreements between the sender and recipient of additional requirements for electronic documents signed with an enhanced qualified signature.

Let's compare the considered types of electronic digital signature by analogy with familiar physical means of personal identification:

A simple electronic signature is similar to a badge - any stranger can use it, so responsibility for the safety of the data lies with the owner of the signature.

An unqualified electronic signature is similar to a pass in a company, and there is a certain level of trust between the parties to the transaction.

A qualified electronic signature as a passport is the most important tool for identification and provides the opportunity to use all services.

In accordance with Art. 7 of the Federal Law “On Electronic Signatures”, digital signatures created according to foreign standards in the Russian Federation refer to the type of electronic signatures whose characteristics they correspond to. The issuance of a key certificate in a foreign country cannot be a reason for non-recognition of the legal force of the document on which such a signature appears.

How and where to get an electronic digital signature

Step 1. Selecting an electronic signature.

First you need to understand why you need an electronic digital signature. For example, you need a key to work on a government services website. Or you plan to submit reports to extra-budgetary funds, tax authorities, the federal financial monitoring service or other state and municipal bodies. You will also need an electronic digital signature to participate in electronic auctions or work on electronic trading platforms.

Step 2. Selecting a certification authority.

The list of certification centers where you can obtain an electronic digital signature is on the website www.minsvyaz.ru (the official Internet resource of the Ministry of Communications and mass communications). On the main page of the site in the “Important” section there is an active link “Accreditation of certification centers”, after clicking on it a window opens offering to download a file with a current list of accredited certification centers. As of February 6, 2018, the list included 469 organizations.

Steps 3 and 4. Fill out the application and pay for the service.

Having chosen a conveniently located certification center, fill out and submit an application for issuing the signature. If the application cannot be filled in on the website, write it by hand and hand it to the center's staff. The application must state the full name of the signature holder, an email address and a contact phone number. Then pay for the service.

Step 5. Submitting documents to the certification center.

Together with the application for the creation of a key certificate, a package of documents must be submitted.

List of documents for obtaining an electronic digital signature by legal entities

  • certificate of state registration of a legal entity (OGRN);
  • certificate of registration with the tax authority (TIN);
  • extract from the Unified State Register of Legal Entities (original or notarized copy). The maximum age of the extract differs between certification centers, but is usually no more than 6 months from the date of issue;
  • insurance certificate of state pension insurance (SNILS) of the future owner of the electronic digital signature.

If the owner of the digital signature is the head of a legal entity, then it is also required to attach a document confirming his appointment to the position, certified by the signature and seal of the company.

If the signature is to be held not by the manager but by an employee (an authorized representative), the package must include a power of attorney delegating the relevant functions to that employee, certified by the company's signature and seal. If that employee submits the documents and collects the signature in person, copies of the pages of his passport are also required.

List of documents for individual entrepreneurs (sole proprietors, IP)

  • application for issuance of an electronic digital signature;
  • certificate of state registration of individual entrepreneurs;
  • certificate of registration with the tax authority (TIN);
  • extract from the Unified State Register of Individual Entrepreneurs (original or notarized copy). The maximum age of the extract varies between certification centers, but is usually no more than 6 months from the date of issue;
  • copies of passport pages of the future owner of the electronic digital signature: with photo and registration information;
  • insurance certificate of state pension insurance (SNILS).

If the signature for an individual entrepreneur is to be collected by an authorized representative of the future owner, a notarized power of attorney for that representative must also be submitted to the certification center.

If the future owner delegates the whole procedure to an authorized representative, that representative's passport must be submitted along with the main package of documents.

Step 6. Obtaining an electronic signature.

To receive the signature, present the originals of all documents at the chosen certification center. After the information is verified, they are returned to the signature owner.

The price of the service for creating an electronic digital signature may vary depending on the following factors:

  • type and scope of application of electronic signature;
  • features of pricing in the certification center;
  • location of the certification center.

The final cost of the service consists of several components:

  • registration and issue of an electronic digital signature key certificate;
  • granting rights to work with specialized software;
  • provision of programs for working with electronic digital signatures;
  • provision of a protected key carrier;
  • technical support when working with electronic digital signature.

For example, the total cost of an electronic signature for electronic trading is 5-7 thousand rubles.

Issuing a signature can take anywhere from an hour to a week, depending on how quickly the documents are filed and the service is paid. Most certification centers produce signatures in 2-3 business days. Keep in mind that the tax authorities issue extracts from the Unified State Register of Legal Entities or of Individual Entrepreneurs within 5 working days, so obtain them in advance.

The validity period of the electronic digital signature is 1 year. Therefore, it needs to be reissued annually. This can be done at any certification center (not necessarily the one where you received it).

How to implement reliable electronic digital signature protection

One of the pressing problems in the practical application of modern cryptography is protecting the information behind an electronic digital signature, above all the signing key. The strength of modern cryptographic algorithms, including the domestic GOST ones, means that attackers do not try to break the signature itself: recovering a key by exhaustive search takes far too much time and computing power. The practical attack is to steal the file that contains the key.

In accordance with GOST R 34.10-2001, the private key of an electronic digital signature is 256 bits of information. Attackers take it from user files, extract it from RAM, or pull it out of the system registry. A whole shadow industry produces software for stealing private EDS keys: trojans, rootkits, viruses and exploits. Stealing a key does not require a professional; it is enough to get hold of the flash drive on which it is stored.

Developers of signature tools try to protect private keys. The usual method for a key stored in a file is to encrypt the key container: the user chooses a password, a key-derivation algorithm turns it into a real encryption key, and that key encrypts the container. The weakness is that such protection can be broken fairly quickly by guessing passwords offline. The attacker gets an unlimited number of attempts and has a sure criterion of success: whether the recovered private key matches the public key in the certificate. A slow key-derivation function raises the cost of each guess but does not remove the problem for a weak password.

Stealing a private key from the system registry is as easy as stealing it from a container file, because the registry itself is stored in files on disk.

There is another difficulty in storing the key securely. Windows "binds" the key container to a path. For example, on first connection a flash drive with the key is mounted as "Removable disk G", and on later use as "Removable disk K"; the crypto provider then fails to find the key container at the new path.

In addition, if the private key is kept in the system registry, moving it to another computer may be difficult.

Thus, secure storage of the signing key involves many difficulties. But what can happen when a key container is stolen? Consider the possible outcomes of this hypothetical situation:

  1. Attackers withdraw money from an account through the remote banking system (RBS). Proving that the transactions were fraudulent is almost impossible, because every one of them carries your valid electronic digital signature.
  2. The RBS security system blocks the unauthorized transfers and with them access to the bank account. The money is safe, but important deals may fall through because of a late payment.
  3. Competitors steal the key and sign a fake commercial offer or bid. You spend time and effort clarifying the situation, and your company is excluded from electronic trading for bad faith.
  4. Attackers sign a false report with the stolen key, and your organization is fined.

Thus, theft of a signing key threatens financial and time losses, damage to business reputation, disrupted transactions, blocked bank accounts and other very real harm. Even if you prove that the key was stolen, there is a high probability that the bank will refuse to return the money.

Attackers may not even bother stealing the container and simply delete it. The owner then loses income and deals, and incurs unforeseen costs: lost time and the fee for reissuing the signature.

Compliance with information security rules when using and storing electronic digital signatures is the key to uninterrupted work for all participants in electronic document flow (banks, trading platforms, signature owners, reporting operators and so on).

Keep in mind that the owner of an electronic signature must not hand his private key to other employees: he alone is responsible for every document signed with it, including those signed by colleagues. If several people need to sign, a separate signature should be issued to each employee who has signing authority.

We have already discussed how insecure it is to keep the key container in a file. To remove the shortcomings of that scheme, removable media with their own protected file system were developed, and the key container lives inside it. Such a device has its own control microprocessor, which limits the number of PIN attempts.

Smart cards and USB tokens, for example, are popular in domestic practice. To activate the private key the user enters a personal PIN code. After several wrong entries access is blocked, which leaves attackers little room to guess.
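As an added illustration of the two storage models just described (a password-protected container file versus a token with a retry counter), here is a small Python model. It is example code written for this page, not code from any certification center or from CryptoPro, Rutoken or another vendor. Assumptions: the key pair is a toy discrete-log pair modulo the Mersenne prime 2^127 - 1 (not a GOST parameter set), PBKDF2-HMAC-SHA256 stands in for the container's key-derivation algorithm, an HMAC-based keystream stands in for its cipher, and the wordlist and PIN are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Toy discrete-log key pair (not a production parameter set; GOST R 34.10 uses
# elliptic curves). The only property the attack below needs is that the public
# key is a cheap one-way function of the private key, which every scheme has.
P = 2 ** 127 - 1   # Mersenne prime, assumption for this demo
G = 3


def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def kdf(password: str, salt: bytes, iterations: int) -> bytes:
    """Password -> 32-byte container key (PBKDF2-HMAC-SHA256 stands in for the
    container's key-derivation algorithm)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode) standing in for the
    container encryption. The same call encrypts and decrypts."""
    stream = b"".join(
        hmac.new(key, i.to_bytes(4, "big"), "sha256").digest()
        for i in range((len(data) + 31) // 32)
    )
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_container(sk: int, password: str, iterations: int = 10_000) -> dict:
    """Software key container: salt + encrypted private key and nothing else.
    Without an integrity tag, nothing in the file says 'wrong password'."""
    salt = os.urandom(16)
    ct = keystream_xor(kdf(password, salt, iterations), sk.to_bytes(16, "big"))
    return {"salt": salt, "iterations": iterations, "ciphertext": ct}


def open_container(container: dict, password: str) -> int:
    key = kdf(password, container["salt"], container["iterations"])
    return int.from_bytes(keystream_xor(key, container["ciphertext"]), "big")


def offline_guess(container: dict, pk: int, wordlist) -> Optional[str]:
    """Attacker holding a copy of the file: unlimited attempts, and the only
    correctness criterion is 'does the recovered private key match the public
    key from the certificate'. Cost per guess = one KDF run."""
    for candidate in wordlist:
        if pow(G, open_container(container, candidate), P) == pk:
            return candidate
    return None


class HardwareToken:
    """Model of a token / smart card: the PIN is checked inside the device, the
    private key never leaves it, and a retry counter blocks the device after
    max_attempts wrong PINs, so there is no offline guessing at all."""

    def __init__(self, sk: int, pin: str, max_attempts: int = 3):
        self._sk = sk
        self._pin = pin.encode()
        self.max_attempts = max_attempts
        self.remaining = max_attempts
        self.blocked = False

    def sign_hash(self, pin: str, digest: bytes) -> Optional[bytes]:
        """Signature over `digest`, or None if the PIN is wrong or the device is
        blocked. The HMAC stands in for the on-card signing operation."""
        if self.blocked:
            return None
        if not hmac.compare_digest(pin.encode(), self._pin):
            self.remaining -= 1
            if self.remaining == 0:
                self.blocked = True
            return None
        self.remaining = self.max_attempts
        return hmac.new(self._sk.to_bytes(16, "big"), digest, "sha256").digest()


if __name__ == "__main__":
    sk, pk = keygen()
    box = seal_container(sk, "qwerty123")
    # Constructed wordlist for the demonstration.
    print("file container, guessed:", offline_guess(box, pk, ["123456", "password", "qwerty123"]))
    token = HardwareToken(sk, pin="4821")
    for guess in ["0000", "1234", "1111", "4821"]:
        ok = token.sign_hash(guess, b"\x00" * 32) is not None
        print("token PIN", guess, "-> signed:", ok, "blocked:", token.blocked)
```

Run it and note the asymmetry: against the file the attacker pays one KDF computation per guess and can make as many guesses as he likes, because the public key tells him when he is right; against the token the third wrong PIN blocks the device, and the private key never appears on the host at all.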

USB tokens are popular in Russia thanks to their reliability, ease of use and low cost. Since the Rutoken project (2001) entered the market, several million of the company's USB tokens have been sold. In some areas (tax reporting, electronic trading) Rutokens are considered the standard for safe storage of key containers.

An improved variant of the USB token runs the cryptographic algorithms directly on board. The private key is never loaded into the computer's RAM, which rules out malware stealing it from memory. This technology is widely used in financial organizations, in particular in corporate remote banking systems, where the potential loss from a stolen signing key is especially high. One limit remains: malware on the host can still ask a connected, unlocked token to sign data of its choosing, so the token protects the key, not the documents signed while it is plugged in.

How to verify the authenticity of an electronic digital signature

Electronic digital signature verification is carried out with open online services and specialized programs. The result tells you who signed the document, whether the signature is genuine, and whether the message was changed after signing.

Many modern information systems verify signatures automatically. On the Rosreestr website (rosreestr.ru), for example, you can check the signature on a document received in response to a request: upload the *.sig file to the site's service and press the button.

Similar verification tools exist in other information systems, for example on electronic trading platforms. Certification centers also offer signature verification services, and anyone can perform the check independently with specialized programs.

During verification, the signature on the document, the sender's public key and the certificate are checked against each other. A recipient who is not registered with any certification center can verify a signature independently:

  1. In open online services such as ContourCrypto (Kontur.Crypto) and others.
  2. By installing CryptoPro CSP on a personal or work computer and loading the certificate base from the public directories of certification authorities.
  3. On www.gosuslugi.ru/pgu/eds, which checks only signatures issued by state-accredited CAs.
  4. The hardest way, for those with professional knowledge: recompute the document hash and run the signature verification algorithm with the signer's public key.

Let's take a closer look at the first three methods, since they are more accessible to users without computer education.

Check on CryptoPro CSP.

A demo version can be downloaded from the developer's official website and used free for two weeks, after which the full version must be bought. CryptoPro CSP not only checks signatures on electronic documents but also signs your own files created in MS Word. After installation, choose the desired action from the drop-down menu.

From then on CryptoPro CSP verifies the signatures in every signed document that is opened. On success the user sees a pop-up window confirming the signature.

If the program warns that the certificate chain cannot be built up to a trusted root, install the issuing CA's root certificate into the trusted root certificate store.

Verification of electronic digital signature on the Public Services Portal.

On gosuslugi.ru you can check both your own qualified electronic signature and the certificate received from a sender inside an electronic document. The online service works with *.sig files and with text documents that carry an embedded signature.

If the certificate and signature pass, the message "Valid" appears. Otherwise the service states the reason: "Certificate revoked" or "Could not be verified".

The service checks both the signature and its certificate. In both cases only qualified signatures are checked, since their key certificates are in the open registries of certification authorities. The chance that a document carries an invalid signature is low, as certification authorities track the validity periods of their certificates. Bear in mind that the check says nothing about whether the signer's key had been stolen: a signature made with a stolen key verifies just as well.

Reasons for incorrect operation of electronic digital signatures and how to eliminate them

Many users of electronic trading platforms run into difficulties because the electronic digital signature does not work correctly. Such problems arise at the worst possible moment, for example during trading, and lead to undesirable results:

  • the application for participation in the competition will not be submitted on time;
  • the participant will lose the electronic auction;
  • a contract for the provision of services to government agencies will not be signed.

Typical difficulties when working with electronic digital signatures:

  1. The procurement participant certificate is not visible on the electronic trading platform.
  2. There is no technical possibility to sign an electronic document.
  3. When trying to log into the electronic platform, the user receives an error message.

In practice, there are other problems, but we will look at ways to solve the most popular ones.

The signing key certificate is not visible on the site when trying to log in to the system.

This may be due to the simultaneous action of several factors:

  • the digital signature key certificate is configured incorrectly;
  • Internet browser does not work correctly;
  • there is no CA root certificate.

How to solve a problem?

First check that the public part of the certificate was installed correctly on the computer through CryptoPro. Make sure the operating system supports the installed software version. Then add the trading platform's web addresses to the browser's trusted sites, enabling ActiveX controls for those sites only, not globally. Finally, install the root certificate of the CA that issued the signature into the trusted root certification authorities store.

The electronic signature gives an error when signing documents.

This problem may occur for the following reasons:

  • the CryptoPro license has expired;
  • the inserted media holds a different certificate.

How to fix it?

Obtain a new license from the CA, open CryptoPro on the computer and enter the license data.

If the problem is the key carrier, check which key containers are present on the inserted media and that the required certificate is loaded correctly.

The system displays an error when logging into the electronic platform.

This problem may have any of the causes already discussed. Most often it is an incorrect installation of the CAPICOM library. Check that the library is installed and, on a 64-bit system, that its two .dll files have been copied into the appropriate Windows folders.

Preliminary study of the instructions for installing and configuring an electronic digital signature will help you avoid the described problem situations. If you still have difficulties when working with digital signature, you can contact the professionals of our company.

An electronic signature is a mathematical scheme for demonstrating the authenticity of electronic messages or documents. A valid digital signature gives the recipient reason to believe that the message was created by a known sender who cannot deny having sent it (authentication and non-repudiation), and that the message was not altered in transit (integrity).

Answering the question "EDS: what is it?", digital signatures are a standard element of most cryptographic protocol suites and are used for software distribution, financial transactions and many other cases where detecting forgery or tampering matters.

Digital signatures are often used to implement electronic signatures, a broader term covering any electronic data that carries the intent of a signature. Not every electronic signature is digital.

Digital signatures use asymmetric cryptography. They provide a degree of verification and security for messages sent over an insecure channel. Properly implemented, a digital signature gives grounds to believe that a message was sent by the claimed sender. Digital seals and signatures are treated as equivalent to handwritten signatures and physical seals.

EDS - what is it?

Digital signatures resemble traditional handwritten signatures in many respects and are harder to forge. Signature schemes rest on cryptographic foundations and must be implemented properly to remain effective. How is a document signed? With a pair of matching cryptographic keys: the private one signs, the public one verifies.

Digital signatures also provide non-repudiation: a signer cannot successfully claim that he did not sign the message. Some schemes add a trusted timestamp to the signature, so that signatures made before a later compromise of the private key remain valid. A digital signature is a bit string and can accompany email, contracts or any message sent under a cryptographic protocol.

Public key cryptography or digital signature structure

What is it? A digital signature scheme consists of three algorithms.

A key generation algorithm that selects a private key uniformly at random from the set of possible private keys. It outputs the private key and the public key that goes with it.

A signing algorithm that, given a message and the private key, produces the signature.

A verification algorithm that takes the message, the public key and the signature and either accepts or rejects, thereby establishing authenticity.

How to install digital signature?

For a digital signature to be usable, the scheme must have two main properties. What should you consider before signing a document?

First, the authenticity of a signature generated from a fixed message and the private key can be verified using the corresponding public key.

Second, it must be computationally infeasible to produce a valid signature without knowing the private key. A digital signature is thus an authentication mechanism that lets the originator of a message attach a code that acts as a signature.

Using Digital Signatures

As modern organizations move away from paper documents with ink signatures, digital signatures can provide additional authentication and evidence of document authorship, identity and status. A digital signature can also demonstrate the informed consent and approval of the signatory. Digital signatures for individuals are therefore a reality.

Authentication

Although a message may contain detailed information, the sender cannot always be reliably determined from it. Digital signatures authenticate the origin of a message: when the private key is bound to a specific user, a valid signature shows that the message was sent by that user (or by whoever holds the key). Trust in the sender's identity is especially important in the financial sector.

Integrity

In many scenarios the sender and recipient need to be sure that a message was not altered in transit. Encryption hides the contents, but by itself it does not prevent modification: an attacker can change the ciphertext without understanding it (some encryption modes resist this, but not all). In any case, checking a digital signature after decryption reveals a violation of the message's integrity.

If the message is digitally signed, any change after signing invalidates the signature. Moreover, there is no practical way to change the message and produce a new valid signature for it, since that is computationally infeasible.
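As an added example for the three algorithms of a signature scheme (key generation, signing, verification) and for the integrity property just described (any change after signing invalidates the signature), here is a Python implementation. It is example code written for this page, not code from the lecture or from a certified signature tool. It uses the signing and verification equations of GOST R 34.10-2001 (r = x(kG) mod q, s = (r·d + k·e) mod q); the curve is secp256k1, chosen because its parameters are widely published, standing in for a GOST curve, and SHA-256 stands in for the GOST hash function, so the output is not interoperable with real GOST signatures. The sample document is constructed.

```python
import hashlib
import secrets

# Stand-in curve: secp256k1, y^2 = x^3 + 7 (mod P), base point GEN of prime
# order Q. GOST R 34.10-2001 defines its own curves and hash; only the signing
# and verification equations below are taken from that standard.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GEN = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
       0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 (curve coefficient a = 0)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time: demo only)."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def message_to_e(message: bytes) -> int:
    """GOST: e = h mod q, with e = 1 if the residue is 0. SHA-256 stands in
    for the GOST hash function."""
    e = int.from_bytes(hashlib.sha256(message).digest(), "big") % Q
    return e or 1


def keygen():
    """Algorithm 1: private key d is a random 256-bit scalar, public key is d*GEN."""
    d = secrets.randbelow(Q - 1) + 1
    return d, ec_mul(d, GEN)


def sign(d: int, message: bytes):
    """Algorithm 2: r = x(k*GEN) mod q, s = (r*d + k*e) mod q; fresh random k
    per signature (a repeated k leaks d)."""
    e = message_to_e(message)
    while True:
        k = secrets.randbelow(Q - 1) + 1
        r = ec_mul(k, GEN)[0] % Q
        s = (r * d + k * e) % Q
        if r and s:
            return r, s


def verify(pub, message: bytes, sig) -> bool:
    """Algorithm 3: with v = e^-1 mod q, C = (s*v)*GEN + (-r*v)*pub must satisfy
    x(C) mod q == r. Any change to the message or the signature breaks this."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    v = pow(message_to_e(message), -1, Q)
    c = ec_add(ec_mul(s * v % Q, GEN), ec_mul((-r * v) % Q, pub))
    return c is not INF and c[0] % Q == r


def demo():
    """Signs a constructed document and shows the integrity check in action."""
    d, pub = keygen()
    doc = b"Invoice 42: pay 100000 RUB to account 40702810..."  # constructed
    sig = sign(d, doc)
    return (verify(pub, doc, sig),                                    # genuine
            verify(pub, doc.replace(b"100000", b"900000"), sig),     # altered text
            verify(pub, doc, (sig[0], (sig[1] + 1) % Q)))            # altered signature


if __name__ == "__main__":
    print("genuine / altered text / altered signature:", demo())
```

The private key d is 256 bits, as the text says of GOST R 34.10-2001. verify() rejects the document as soon as one figure in it changes and rejects a signature whose s has been changed by one, which is the integrity property in action. Two things a real implementation must handle that this demo only gestures at: the scalar multiplication must be constant-time, and the nonce k must never repeat across signatures.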

Non-repudiation

Non-repudiation, the impossibility of denying the origin of a message, is an important goal of digital signatures. What does it mean? The party that signed some information cannot later deny having signed it. Conversely, possession of the public key alone does not let an attacker forge a valid signature. The same holds for digital signatures used by individuals.

Note that all these properties (authenticity, reliability and so on) depend on the private key not having been compromised or revoked before it was used. Once a private key is compromised, the matching public key certificate must be revoked. Revocation status is checked on request, for example against the CA's revocation list or an online status service, and a signature should be accepted only if the certificate was valid and unrevoked at the time of signing.

Storing the private key on a smart card

All public-key cryptosystems rely on keeping the private key secret. The private key can be stored on the user's computer, protected by a local password. This method has two drawbacks:

  • the user can sign documents only on that particular computer;
  • the security of the private key depends entirely on the security of the computer.

A more secure alternative for storing the private key is a smart card. Many smart cards are tamper-resistant.

Typically the user activates the card by entering a personal identification number (PIN). The card can then be arranged so that the private key never leaves it, although not every signature product implements this.

If the smart card is stolen, the attacker still needs the PIN to create a signature. Since a PIN is short, this protection is only as good as the card's limit on wrong attempts. A mitigating factor is that keys generated and stored on smart cards are generally hard to copy and are assumed to exist in a single copy, so as soon as the owner notices the loss, the corresponding certificate can be revoked. Private keys protected only by software are easy to copy, and such leaks are much harder to detect. Using a digital signature without additional protection is therefore unsafe.